Status Tracking Note TRTA08-162A

SNMPv3 Authentication Bypass Vulnerability

Overview

A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass.
Event Information


Date (UTC)Description
2008-06-12 08:30 Bugtraq
SNMPv3 Authentication Bypass - CVE-2008-0960
Vulnerability Proof Of Concept (CVE-2008-0960)
#Cid: snmpv3_exp.tgz
#Cid: 29623.zip
2008-06-11 06:15 JPCERT/CC
JPCERT-AT-2008-0011: SNMPv3 Authentication Bypass Vulnerability
2008-06-10 18:36 SANS Internet Storm Center
SMNP v3 trouble
It seems CERT is coordinating a vulnerability regarding this: "Implementations of SNMPv3 may allow a shortened HMAC code in the authenticator field to authenticate to an agent or a trap daemon using a minimum HMAC of 1 byte." Which obviously isn't the right thing to do.
2008-06-10 16:00 Cisco
cisco-sa-20080610-snmpv3: SNMP Version 3 Authentication Vulnerabilities
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices.
2008-06-10 15:00 US-CERT
TA08-162A: SNMPv3 Authentication Bypass Vulnerability
Via US-CERT Mailing List
2008-06-10 14:41 US-CERT
SNMPv3 Authentication Bypass Vulnerability
US-CERT Current Activity
US-CERT is aware of a vulnerability in implementations of SNMPv3. This vulnerability is due to an error in the way the authenticator field handles shortened hash message authentication code (HMAC). Exploitation of this vulnerability may allow an attacker to read and modify any SNMP object or the configuration of the affected device using the credentials that got them onto the system.
2008-06-09 12:18 Net-SNMP
[ 1989089 ] Fixes VU#878044 and CVE-2008-0960
net-snmp.patch (VU#878044, CVE-2008-0960) release
2008-05-14 00:43 Net-SNMP
[ 1989089 ] Fixes VU#878044 and CVE-2008-0960
net-snmp.patch (VU#878044, CVE-2008-0960)
--- net-snmp-5.4.1/snmplib/scapi.c 2006-09-15 05:47:01.000000000 -0700
+++ net-snmp-5.4.1.1/snmplib/scapi.c 2008-05-13 17:43:17.000000000 -0700


Date first published (UTC): 2008-06-10T23:12+00:00
Date last updated (UTC): 2008-06-16T15:40+00:00
Valid HTML 4.01!